Vulnerabilities > Westerndigital
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-12 | CVE-2020-29654 | Uncontrolled Search Path Element vulnerability in Westerndigital Dashboard Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM account. | 6.9 |
| 2020-12-12 | CVE-2020-29563 | Improper Authentication vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. | 7.5 |
| 2020-12-01 | CVE-2020-28971 | Improper Input Validation vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28970 | Unspecified vulnerability in Westerndigital MY Cloud OS 5 An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. | 7.5 |
| 2020-12-01 | CVE-2020-28940 | Unspecified vulnerability in Westerndigital MY Cloud OS 5 On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | 7.5 |
| 2020-11-18 | CVE-2020-13799 | Authentication Bypass BY Capture-Replay vulnerability in Westerndigital products Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. | 4.6 |
| 2020-10-29 | CVE-2020-27744 | Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. | 7.5 |
| 2020-10-27 | CVE-2020-27160 | Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). | 7.5 |
| 2020-10-27 | CVE-2020-27159 | Improper Input Validation vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114 | 7.5 |
| 2020-10-27 | CVE-2020-27158 | Improper Privilege Management vulnerability in Westerndigital MY Cloud Firmware 04.05.00320 Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. | 7.5 |